Always use TLSv1.0 for record layer version in TLSv1.3

TLSv1.3 freezes the record layer version and ensures that it is always set to TLSv1.0. Some implementations check this. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2157)
author: Matt Caswell <matt@openssl.org> 2017-01-02 11:40:16 +0000
committer: Matt Caswell <matt@openssl.org> 2017-01-10 23:02:50 +0000
commit: d24c6a34ce4af11cd09aadd6a0f356cb2bd7fa4f (patch)
tree: 441d043312c1f4d3a1b73855df1d9a286cda979d /ssl
parent: 710eb47fdd01e9955151868b07e135c563bf4b76 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 3ffe29ad00..01e3db26cb 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -784,7 +784,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
     /* Clear our SSL3_RECORD structures */
     memset(wr, 0, sizeof wr);
     for (j = 0; j < numpipes; j++) {
-        unsigned int version = s->version;
+        unsigned int version = SSL_IS_TLS13(s) ? TLS1_VERSION : s->version;
         unsigned char *compressdata = NULL;
         size_t maxcomplen;
         unsigned int rectype;
author	Matt Caswell <matt@openssl.org>	2017-01-02 11:40:16 +0000
committer	Matt Caswell <matt@openssl.org>	2017-01-10 23:02:50 +0000
commit	d24c6a34ce4af11cd09aadd6a0f356cb2bd7fa4f (patch)
tree	441d043312c1f4d3a1b73855df1d9a286cda979d /ssl
parent	710eb47fdd01e9955151868b07e135c563bf4b76 (diff)